Garvin Hicking wrote:
Hi!
https://sourceforge.net/tracker/index.php?func=detail&aid=1312571&gr... 067&atid=377410
I would like to commit this into CVS, if no one is against it.
Marc? Michal?
I think this portion:
+foreach( $_GET as $key => $val ) {
- if ( ! in_array( $key, $drops ) ) {
$url_querys[] = $key . '=' . $val;
- }
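Review bot: in the added `foreach( $_GET as $key => $val )` loop, `$key . '=' . $val` copies request parameters into the query string without any encoding, and with the `in_array( $key, $drops )` check removed every parameter is forwarded, including the ones that used to be dropped. Encode both key and value for the URL, escape the assembled URL for HTML wherever it is printed, and decide what should happen when `$val` is an array (for example `x[]=1`), since string concatenation would then produce the literal text `Array`.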
allows for XSS attacks to index.php which outputs remote input HTML/JS code.
Uuh, sorry, fixed this with
$url_querys[] = urlencode( $key ) . '=' . urlencode( $val );
Added to that, it seems your patch kills the $cfg['LeftFrameTableSeparator'] functionality of nested table groups in non-light mode. It seems you removed all the PMA_nestedSet() functionality without proper replacement of its content?
Did you try it? Or did you just take a look at the code?
$cfg['LeftFrameTableSeparator'] is respected and should be properly displayed. If not, please give me an example of your settings, what you expect and what you got.
Thanks
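The query-string rebuild discussed in this thread, as an added example that is not part of the original posts or of phpMyAdmin's code: it swaps the per-item `urlencode()` for `http_build_query()` so that nested array parameters are handled too, then escapes the URL for HTML output. The function names, the drop list and the sample input are assumptions constructed for illustration.

```php
<?php
// Added example; function names and the sample input are hypothetical.

/**
 * Rebuild a query string from request parameters, skipping the keys in $drops.
 * http_build_query() percent-encodes keys and values and handles nested arrays
 * (e.g. ?tbl[]=a&tbl[]=b), which plain string concatenation does not.
 */
function rebuild_query(array $params, array $drops): string
{
    $kept = [];
    foreach ($params as $key => $val) {
        if (!in_array((string) $key, $drops, true)) {
            $kept[$key] = $val;
        }
    }
    return http_build_query($kept, '', '&', PHP_QUERY_RFC3986);
}

/** Escape a URL for use inside a quoted HTML attribute. */
function html_attr(string $url): string
{
    return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
}

// Constructed input standing in for $_GET.
$get = [
    'db'    => 'test',
    'lang'  => '"><script>alert(1)</script>',
    'tbl'   => ['a b', 'c&d'],
    'token' => 'dropme',
];

// Unsafe: raw concatenation as in the quoted hunk (scalars only here).
$raw = [];
foreach ($get as $key => $val) {
    if (is_scalar($val)) {
        $raw[] = $key . '=' . $val;
    }
}
echo 'raw:  index.php?' . implode('&', $raw) . "\n";

// Hardened: encoded for the URL, then escaped for the HTML attribute.
$url = 'index.php?' . rebuild_query($get, ['token']);
echo 'safe: <a href="' . html_attr($url) . '">link</a>' . "\n";
```

URL encoding and HTML escaping address different contexts: the first keeps parameter data from altering the URL, the second keeps the URL from breaking out of the attribute it is printed in.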